<?xml version="1.0" encoding="utf-8" ?> 
<access-policy>
   <cross-domain-access>
      <policy>
       <allow-from http-request-headers="SOAPAction,Content-Type">
	  <domain uri="http://*"/>
          <domain uri="https://*" />
         </allow-from>
         <grant-to>
          <resource path="/" include-subpaths="true"/> 
         </grant-to>
    </policy>
   </cross-domain-access>
</access-policy> 